Describe the bugHello everyone, I don't know exactly is this a bug or just my fault, but I need some help🙏🙏🙏I have an ap...

Describe the bugStarting with the latest changes toAbstractRequestMatcherRegistry CsrfConfigurer.ignoringRequestMatchers...

https://github.com/spring-projects/spring-security/blob/2ef9dc916fe5d98a99319c72f575b1f5c8cdf474/saml2/saml2-service-pro...

Describe the bugAfter upgrading to spring boot 3.1.2 (implicitly upgrading spring-security to 6.1.2), my applicatin no l...

Integrated user-defined session policies without changing original configurationsComment From: jzheauxThanks for the rep...

This is perhaps a little controversial, but I've sometimes wondered about the possibility of converting some of the more...

Describe the bugSpring security is creating sessions even though it should not. I am receiving the Set-Cookie header whi...

Since spring-security 5.8.5 org.springframework.security.web.server.util.matcher.PathPatternParserServerWebExchangeMatch...

After upgrading to Spring Boot 2.5.0 which includes Spring Security 5.5.0 I noticed that OpenSamlAuthenticationProvider ...

HI ,I am migrating spring boot application to 3.1.1 and Jdk 17 And i have "OAuth2RestTemplate " with dependency ...

Comment From: albertus82Hi, just updated from 5.8.4 to 5.8.5 and encountered java.lang.IllegalArgumentException: This me...

I just encountered a problem with property overriding when I tried to override the client-id of the opaque-token propert...

Check this comment for the rationale https://github.com/spring-projects/spring-security/issues/13561#issuecomment-164405...

Describe the bugI'm using Spring Security (reactive, v6.1.1). Adding the micrometer-tracing-bridge-otel or micrometer-tr...

https://github.com/spring-projects/spring-framework/issues/30719Comment From: marcusdacoregioClosed via https://github.c...

Expected BehaviorThe @ PreAuthorize annotation on the class and the @ PreAuthorize annotation on the methods below the c...

Expected BehaviorWhen an Authorization Server returns an access token with a custom attribute for scope, the value store...

SummaryWhen using oauth2ResourceServer, I am getting a stackoverflow error if the application receives an invalid tokenA...

@Bean public AuthenticationManager authenticationManager(HttpSecurity security) throws Exception { return secu...

Spring Framework 6.1 removes LocalVariableTableParameterNameDiscoverer. Since this affects how @PreAuthorize and others ...